CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-1407

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
http://osvdb.org/101919
http://osvdb.org/101921
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
http://osvdb.org/101919
http://osvdb.org/101921

Products affected by CVE-2014-1407

Conceptronic » C54apm » Version: v2

cpe:2.3:h:conceptronic:c54apm:v2
Conceptronic » C54apm Firmware » Version: 1.26

cpe:2.3:o:conceptronic:c54apm_firmware:1.26

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-1407

Products

Pricing

Contact Us